[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
- Subject: [cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
- From: Chris Adams <cmadams@xxxxxxxxxx>
- Date: Fri, 21 Jun 2002 21:54:20 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Once upon a time, Tom Worley <raq@xxxxxxxxxxxx> said:
> What is even more worrying is that the admserv (at least on raq3/4) is run as
> root, so if a raq3/4 (and probably all the other cobalt servers) were
> attacked on the admin server they would have root access.....
Just FYI (not defending Sun's inaction): the analysis appears to show
that glibc based platforms (i.e. Linux) are probably not vulnerable to
remote exploits, only denial of service. It appears that the OpenBSD
and FreeBSD libraries are vulnerable however.
--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.